Strala Policies Overview

This page is meant to be a quick summary of Strala's SLA and Security Policies for convenience. If in doubt, please refer to your Master Service Agreement (MSA) instead of this document.

Service Level Agreement Overview

Uptime and Data Commitment
The Strala XDP is hosted on Amazon Web Services' (AWS) world-class infrastructure. Therefore, the service commitments for uptime and redundancy are based on the same deliverability of AWS technology, with a monthly uptime guarantee for data availability of at least 99.99%.
The uptime commitment for the Strala XDP application and UI (User Interface) is 99.50%.
The data durability for the Strala XDP technology is 99.99999999999%.
The customer data connection to the Strala XDP UI does not fall under the provisions of this SLA.

Technical Support Commitment

  • Critical Issue Resolution: 4 business hours
  • Urgent Issue Resolution: 12 business hours
  • Important Issue Resolution: 2 business days
  • Minor Issue Resolution: 3 business days
Hours of availability
For non-critical issues:
  • 8-5 MST support, Monday - Friday
For critical issues:
  • 24/7 on-call operations team

Platform Security Overview

Physical security
Strala operates entirely in the cloud (no on-premise data centers) and uses AWS (SOC 2, ISO 27001, etc.) for data and network infrastructure. Under the AWS shared responsibility model, Amazon covers all aspects of physical security, availability, and redundancy of its physical data centers. Because AWS is multi-region, Strala operates services primarily in the us-east-1 and us-west-2 regions, with edge replication in all other regions where possible.
External Network Security
Strala's approach to security assumes that no public network is trusted and that malicious actors may attempt to access data at any point in time. Traffic analysis is performed to detect and block connections from known malicious hosts.
All information in transit to and from the Strala XDP network boundary is encrypted using SSL/TLS 1.2 or higher. All certificates are issued by AWS or Comodo via Cloudflare.
Internal Network Security
Strala's approach to security assumes that no private network is trusted and that malicious actors may attempt to access data at any point in time. Intrusion Detection Systems are used to monitor attempted connections to Strala's infrastructure.
The Strala XDP utilizes a combination of access control lists and security groups with an Amazon Virtual Private Cloud (VPC) network to isolate each service from one another as much as possible. Data transferred between services inside of the Strala XDP is encrypted using SSL/TLS 1.2 or higher. All certificates are issued by AWS or Comodo via Cloudflare.
Operations personnel are only allowed to connect to Strala's VPC via an OpenVPN connection. All other connections are required to route through the Strala XDP's SSL connection.
Data At Rest
Strala encrypts data at rest, using AWS Key Management Service (KMS) to maintain the keys for decryption of data. Automated policy management tasks continuously scan data stores for files that are not encrypted; any such file is then encrypted using KMS.
Data at rest is encrypted using AES 256 keys.
Exemptions: Files meant for public consumption are not encrypted at rest. These files include:
  • Web client configurations
  • Web client beacon JavaScript
  • Web client frontend JavaScript
Security Tools
Strala uses many tools to keep its code and infrastructure clean. These tools include but are not limited to the following.
Intrusion Detection Systems:
  • AlienVault USM
  • Snort IDS
Static Code Analyzers:
  • DeepScan
  • Snyk
  • Code Climate
DDoS Protection:
  • Cloudflare CDN
  • CloudFront CDN

GDPR Overview

Strala interprets its role under GDPR as that of a data processor. As such, the Strala XDP accepts requests by clients to remove any customer information.
The Strala XDP attempts to keep information from beacon services as anonymized as possible. Strala uses log analysis to detect information that is contrary to this policy, at which point the data is purged and the client is notified. Non-anonymous data includes information such as social security numbers, credit card numbers, addresses, and names.
Data Retention
Strala's data retention policy mirrors each client's data retention policy.
Privacy Point of Contact
If you ever have any questions about our privacy policies or practices, please contact Strala’s privacy department at:
Privacy Department
3851 North Thanksgiving Parkway
Suite 410
Lehi, Utah 84043